Port 80 virtual host port 80 failure :: RHEL 8.10 w/ Apache httpd on port 80 via oob /etc/httpd/conf/httpd.conf

My domain is:
mail.isylum.org

I ran this command:
sudo certbot certonly -v --apache

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not find ssl_module; not disabling session tickets.
Plugins selected: Authenticator apache, Installer apache
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): mail.isylum.org
Requesting a certificate for mail.isylum.org
Performing the following challenges:
http-01 challenge for mail.isylum.org
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Apache HTTP Server 2.4.37:

Name        : httpd
Version     : 2.4.37
Release     : 64.module+el8.10.0+90271+3bc76a16
Architecture: x86_64
Install Date: Thu 13 Jun 2024 12:05:30 PM EDT
Group       : System Environment/Daemons
Size        : 4507628
License     : ASL 2.0
Signature   : RSA/SHA256, Wed 10 Apr 2024 03:40:16 AM EDT, Key ID 82562ea9ad986da3
Source RPM  : httpd-2.4.37-64.module+el8.10.0+90271+3bc76a16.src.rpm
Build Date  : Wed 10 Apr 2024 03:37:40 AM EDT
Relocations : (not relocatable)
URL         : https://httpd.apache.org/
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

The operating system my web server runs on is (include version):

cat /etc/redhat-release ; uname -a
Red Hat Enterprise Linux release 8.10 (Ootpa)
Linux mail.isylum.org 5.15.0-206.153.7.1.el8uek.x86_64 #2 SMP Wed May 22 20:49:34 PDT 2024 x86_64 x86_64 x86_64 GNU/Linux

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0

Debug log:

2024-06-13 17:24:19,707:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-06-13 17:24:19,708:INFO:certbot._internal.auth_handler:http-01 challenge for mail.isylum.org
2024-06-13 17:24:19,710:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot_apache/_internal/configurator.py", line 2474, in perform
    http_response = http_doer.perform()
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 66, in perform
    self._mod_config()
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 102, in _mod_config
    selected_vhosts += self._relevant_vhosts()
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 145, in _relevant_vhosts
    raise errors.PluginError(
certbot.errors.PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

2024-06-13 17:24:19,710:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-06-13 17:24:19,710:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-06-13 17:24:19,911:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3834/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot_apache/_internal/configurator.py", line 2474, in perform
    http_response = http_doer.perform()
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 66, in perform
    self._mod_config()
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 102, in _mod_config
    selected_vhosts += self._relevant_vhosts()
  File "/var/lib/snapd/snap/certbot/3834/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 145, in _relevant_vhosts
    raise errors.PluginError(
certbot.errors.PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
2024-06-13 17:24:19,912:ERROR:certbot._internal.log:Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

It would be helpful to know what exactly the code is looking for re: virtual host on port 80.

I am using an OOB configuration of httpd which was installed and enabled on port 80 as follows:

sudo yum install httpd httpd-tools -y
sudo systemctl enable httpd
sudo systemctl start httpd

# Open ports thru Linux firewalld:
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --zone=public --add-port=443/tcp --permanent
sudo firewall-cmd --reload

You can see that there is in fact a port 80 listener there:

$ sudo netstat -plnt | egrep '^Active|^Proto|:80[[:blank:]]|:443[[:blank:]]'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp6       0      0 :::80                   :::*                    LISTEN      53434/httpd         

The site is working. Port 80 is confirmed.

$ curl -s http://mail.isylum.org:80/ 2>/dev/null | grep -i '<title>'
		<title>Apache HTTP Server Test Page powered by Linux</title>

OIC! I got it working by adding the following to the default config:

$ sudo cat /etc/httpd/conf.d/mail.conf 
<VirtualHost *:80>
    DocumentRoot "/var/www/mail.isylum.org/"
    ServerName mail.isylum.org
    CustomLog /var/log/httpd/mail.isylum.org_access.log combined
    ErrorLog /var/log/httpd/mail.isylum.org_error.log
</VirtualHost>
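
The distinction the error message draws, as an added sketch that is not part of the original post and not Certbot's own matching logic: a `Listen 80` socket alone is not a `<VirtualHost>` block bound to port 80. The function names and the sample config tree are constructed for illustration, and the scan covers every `*.conf` under a root instead of following `Include` directives.

```shell
#!/bin/sh
# Added example, not Certbot's code: tell a port-80 <VirtualHost> apart from
# a bare "Listen 80". Scans every *.conf under a root; Include is not followed.

# Print "file<TAB>ServerName" for each <VirtualHost> whose address ends in :80.
port80_vhosts() {
    find "$1" -type f -name '*.conf' -exec awk '
        FNR == 1 { invh = 0 }              # reset state for each new file
        { d = tolower($1) }                # directive names are case-insensitive
        d ~ /^#/ { next }                  # skip comment lines
        d == "<virtualhost" {
            invh = 1; on80 = 0; name = "(none)"
            for (i = 2; i <= NF; i++) {    # e.g. *:80, [::]:80, 192.0.2.10:80
                addr = $i; sub(/>$/, "", addr)
                if (addr ~ /:80$/) on80 = 1
            }
            next
        }
        invh && d == "servername" { name = $2 }
        d == "</virtualhost>" {
            if (invh && on80) printf "%s\t%s\n", FILENAME, name
            invh = 0
        }
    ' {} +
}

# Exit 0 if some port-80 vhost carries the given ServerName.
has_port80_vhost() {
    port80_vhosts "$1" | awk -F '\t' -v want="$2" '
        tolower($2) == tolower(want) { found = 1 }
        END { exit !found }'
}

# Constructed sample tree: first only a Listen directive, then the post's vhost.
demo=$(mktemp -d)
mkdir -p "$demo/conf" "$demo/conf.d"
printf 'Listen 80\nDocumentRoot "/var/www/html"\n' > "$demo/conf/httpd.conf"
has_port80_vhost "$demo" mail.isylum.org || echo "Listen 80 only: no vhost"

cat > "$demo/conf.d/mail.conf" <<'EOF'
<VirtualHost *:80>
    DocumentRoot "/var/www/mail.isylum.org/"
    ServerName mail.isylum.org
</VirtualHost>
EOF
has_port80_vhost "$demo" mail.isylum.org && echo "port-80 vhost found"
rm -rf "$demo"
```

On a RHEL host the root to scan would be `/etc/httpd`; `httpd -S` prints the virtual hosts Apache itself parsed and is the authoritative cross-check.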